none
NETLOGON Error 5783 on Exchange Server 2010 to Server 2008 R2 Domain

    Question

  • We have a simple domain, single forest and only one site.  I recently upgraded my DCs to Server 2008 R2.  We also have a single Exchange 2010 Standard server running on Server 2008 R2.

    DC1 - 192.168.0.2
    DC2 - 192.168.0.3
    Exchange - 192.168.0.4

    Over the weekend I received the following Error on Exchange:

    Log Name:      System
    Source:        NETLOGON
    Date:          8/10/2012 1:54:15 PM
    Event ID:      5783
    Task Category: None
    Level:         Error
    Keywords:      Classic
    User:          N/A
    Computer:      EXCHANGE.Fellowship.local
    Description:
    The session setup to the Windows NT or Windows 2000 Domain Controller \\DC1.Domain.local for the domain DOMAIN is not responsive.  The current RPC call from Netlogon on \\EXCHANGE to \\DC1.Domain.local has been cancelled.
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="NETLOGON" />
        <EventID Qualifiers="0">5783</EventID>
        <Level>2</Level>
        <Task>0</Task>
        <Keywords>0x80000000000000</Keywords>
        <TimeCreated SystemTime="2012-08-10T17:54:15.000000000Z" />
        <EventRecordID>63761</EventRecordID>
        <Channel>System</Channel>
        <Computer>EXCHANGE.Fellowship.local</Computer>
        <Security />
      </System>
      <EventData>
        <Data>\\FCDC1.Fellowship.local</Data>
        <Data>FELLOWSHIP</Data>
        <Data>EXCHANGE</Data>
      </EventData>
    </Event>

    So far I cannot see anything that is affected by this problem.  However, I am concerned since this seems like a serious error.  There are no errors on either of my DCs, and DNS looks to be set up correctly.  Is there anything I can check, or will this lead to any future problems?

    Thanks in advance.

    Sunday, August 12, 2012 1:42 PM

Answers

  • Hello,

    For me I think that this is a DNS related issue. More details about the error message you got: http://technet.microsoft.com/en-us/library/bb727055.aspx

    Since you have two DCs, proceed like that:

    • Make sure that both DCs are DNS and GC servers
    • Make sure that both DCs are using ONLY one IP address and that there is ONLY one NIC adapter enabled (All other ones should be disabled)
    • Make each DC point to the other one as primary DNS server, its private IP address as secondary one and 127.0.0.1 as third one
    • Add PUBLIC DNS servers as FORWARDERS on both DCs and NOT in IP settings

    Once done, run ipconfig /registerdns and restart netlogon on each DC you have. Also, check your DNS system and delete ALL obsolete DNS records for DCs.

    For Exchange server, make it point to bother DCs are primary and secondary DNS server.


    This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.   

    Microsoft Student Partner 2010 / 2011
    Microsoft Certified Professional
    Microsoft Certified Systems Administrator: Security
    Microsoft Certified Systems Engineer: Security
    Microsoft Certified Technology Specialist: Windows Server 2008 Active Directory, Configuration
    Microsoft Certified Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration
    Microsoft Certified Technology Specialist: Windows Server 2008 Applications Infrastructure, Configuration
    Microsoft Certified Technology Specialist: Windows 7, Configuring
    Microsoft Certified Technology Specialist: Designing and Providing Volume Licensing Solutions to Large Organizations
    Microsoft Certified IT Professional: Enterprise Administrator
    Microsoft Certified IT Professional: Server Administrator
    Microsoft Certified Trainer

    Sunday, August 12, 2012 1:49 PM
  • You may receive this error(event id 5783) when there is network connection issue or the DNS server is not able for access(dns misconfig) or AV or 3rd party security application which act as firewall and block DNS query.In case if the error is occuring please check your DNS settings on the Exchange server and also check if the replication between your DCs is working correctly.If you are facing issue please post the ipconfig /all of both DC and exchange and also run dcdiag/q and repadmin /replsum and post the same.

    More on event details refer below link.

    Event ID: 5783 Source: NETLOGON
    http://www.eventid.net/display.asp?eventid=5783&eventno=1024&source=NETLOGON&phase=1
    http://www.chicagotech.net/troubleshooting/evenid5783.htm

    It seems from your comment that error has stop occuring so you can ignore the same as this could be due to network connectivity issue.

    Hope this helps


    Best Regards,

    Sandesh Dubey.

    MCSE|MCSA:Messaging|MCTS|MCITP:Enterprise Adminitrator | My Blog

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

    Thursday, August 16, 2012 11:21 PM
  • Hi,

    Agree with Sandesh, This could be related to performance, add additional processor/RAM and observe the problem. Also there are many other reasons for event 5738: NIC driver outdated, LAN/WAN connectivity issue, broken secure channel, security or antivirus application, Windows firewall, DNS issue.

    Are the all servers, exchange server and DCs are updated with latest service packs and patches?

    Could you please post dcdiag /q and ipconfig /all result from DC and exchange server?


    Best regards,

    Abhijit Waikar.
    MCSA | MCSA:Messaging | MCITP:SA | MCC:2012
    Blog: http://abhijitw.wordpress.com
    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees and confers no rights.

    Monday, August 20, 2012 11:05 PM
  • The solution was that we removed an enterprise CA and the certificate was invalid.  We were not using certificates on the domain, so we exported the certificate for the invalid CA and all errors disappeared.
    • Marked as answer by bmattyd Tuesday, October 30, 2012 9:53 PM
    Tuesday, October 30, 2012 9:53 PM

All replies

  • Hello,

    For me I think that this is a DNS related issue. More details about the error message you got: http://technet.microsoft.com/en-us/library/bb727055.aspx

    Since you have two DCs, proceed like that:

    • Make sure that both DCs are DNS and GC servers
    • Make sure that both DCs are using ONLY one IP address and that there is ONLY one NIC adapter enabled (All other ones should be disabled)
    • Make each DC point to the other one as primary DNS server, its private IP address as secondary one and 127.0.0.1 as third one
    • Add PUBLIC DNS servers as FORWARDERS on both DCs and NOT in IP settings

    Once done, run ipconfig /registerdns and restart netlogon on each DC you have. Also, check your DNS system and delete ALL obsolete DNS records for DCs.

    For Exchange server, make it point to bother DCs are primary and secondary DNS server.


    This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.   

    Microsoft Student Partner 2010 / 2011
    Microsoft Certified Professional
    Microsoft Certified Systems Administrator: Security
    Microsoft Certified Systems Engineer: Security
    Microsoft Certified Technology Specialist: Windows Server 2008 Active Directory, Configuration
    Microsoft Certified Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration
    Microsoft Certified Technology Specialist: Windows Server 2008 Applications Infrastructure, Configuration
    Microsoft Certified Technology Specialist: Windows 7, Configuring
    Microsoft Certified Technology Specialist: Designing and Providing Volume Licensing Solutions to Large Organizations
    Microsoft Certified IT Professional: Enterprise Administrator
    Microsoft Certified IT Professional: Server Administrator
    Microsoft Certified Trainer

    Sunday, August 12, 2012 1:49 PM
  • I agree with Mr X.

    To better help diagnose it, let's see the following info, please:

    • Unedited ipconfig /all from the two DCs, and from the Exchange server.
    • Any other event logs on the DC and Exchange server. Check all Event log errors including the Windows Logs - the App & System logs, and under Application and Services Logs, if applicable - the AD Web services, DFS Replication, Directory Services, DNS Server & File Replication Server logs. Post the Event ID# and Source name in the event, and the server name it came from.

    .

    Based on the error, it occured Friday, 8/10 at 1:54PM, not over the weekend. Did something occur around that time, such as a power outage or power spike due to a storm?  Anything since that time over the weekend?

    .


    Ace Fekay
    MVP, MCT, MCITP/EA, MCTS Windows 2008/R2 & Exchange 2007, Exchange 2010 EA, MCSE & MCSA 2003/2000, MCSA Messaging 2003
    Microsoft Certified Trainer
    Microsoft MVP - Directory Services
    Technical Blogs & Videos: http://www.delawarecountycomputerconsulting.com/

    This post is provided AS-IS with no warranties or guarantees and confers no rights.

    FaceBook Twitter LinkedIn

    Sunday, August 12, 2012 7:57 PM
  • Hi,

    I would like to confirm what is the current situation? Have you resolved the problem?

    If there is anything that we can do for you, please do not hesitate to let us know, and we will be happy to help.


    Lawrence

    TechNet Community Support


    Thursday, August 16, 2012 6:59 AM
    Moderator
  • Have you verified below hotfix has been applied on the servers? Also, make sure all the systems are running with latest service pack & patches.

    A secure channel is broken after you change the computer password on a Windows 7 or Windows Server 2008 R2-based client computer

    http://support.microsoft.com/kb/979495


    Awinish Vishwakarma - MVP

    My Blog: awinish.wordpress.com

    Disclaimer This posting is provided AS-IS with no warranties/guarantees and confers no rights.

    Thursday, August 16, 2012 8:38 AM
    Moderator
  • The error has not occurred since last Friday.  I noticed exactally 1 week earlier was the date and time I performed the P2V and booted into my ESXi Host.  I am curious if this was related to the timeout on the old physical session.  Is that a possibility?
    Thursday, August 16, 2012 8:57 PM
  • You may receive this error(event id 5783) when there is network connection issue or the DNS server is not able for access(dns misconfig) or AV or 3rd party security application which act as firewall and block DNS query.In case if the error is occuring please check your DNS settings on the Exchange server and also check if the replication between your DCs is working correctly.If you are facing issue please post the ipconfig /all of both DC and exchange and also run dcdiag/q and repadmin /replsum and post the same.

    More on event details refer below link.

    Event ID: 5783 Source: NETLOGON
    http://www.eventid.net/display.asp?eventid=5783&eventno=1024&source=NETLOGON&phase=1
    http://www.chicagotech.net/troubleshooting/evenid5783.htm

    It seems from your comment that error has stop occuring so you can ignore the same as this could be due to network connectivity issue.

    Hope this helps


    Best Regards,

    Sandesh Dubey.

    MCSE|MCSA:Messaging|MCTS|MCITP:Enterprise Adminitrator | My Blog

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

    Thursday, August 16, 2012 11:21 PM
  • The error did occur again on Friday evening at 6:00 PM.  I noticed that at the exact same time there was a spike in the processor resources on DC1.  I only have 1 processor on this particular DC VM.
    Monday, August 20, 2012 3:19 PM
  • It seems to me this issue is related to perfromance issue on the VM,you can increase the RAM and add additional processor and see how does it work.You can also set perfromance counters to monotinor the process,memory,etc.

    Hope this helps


    Best Regards,

    Sandesh Dubey.

    MCSE|MCSA:Messaging|MCTS|MCITP:Enterprise Adminitrator | My Blog

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

    Monday, August 20, 2012 5:34 PM
  • Hi,

    Agree with Sandesh, This could be related to performance, add additional processor/RAM and observe the problem. Also there are many other reasons for event 5738: NIC driver outdated, LAN/WAN connectivity issue, broken secure channel, security or antivirus application, Windows firewall, DNS issue.

    Are the all servers, exchange server and DCs are updated with latest service packs and patches?

    Could you please post dcdiag /q and ipconfig /all result from DC and exchange server?


    Best regards,

    Abhijit Waikar.
    MCSA | MCSA:Messaging | MCITP:SA | MCC:2012
    Blog: http://abhijitw.wordpress.com
    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees and confers no rights.

    Monday, August 20, 2012 11:05 PM
  •  Hi,

    As this thread has been quiet for a while, we assume that the issue has been resolved. At this time, we will mark it as 'Answered' as the previous steps should be helpful for many similar scenarios.

    If the issue still persists and you want to return to this question, please reply this post directly so we will be notified to follow it up. You can also choose to unmark the answer as you wish.

    In addition, we'd love to hear your feedback about the solution. By sharing your experience you can help other community members facing similar problems.

    Thanks!


    Lawrence

    TechNet Community Support

    Monday, August 27, 2012 3:24 AM
    Moderator
  • The solution was that we removed an enterprise CA and the certificate was invalid.  We were not using certificates on the domain, so we exported the certificate for the invalid CA and all errors disappeared.
    • Marked as answer by bmattyd Tuesday, October 30, 2012 9:53 PM
    Tuesday, October 30, 2012 9:53 PM